Strong Customer Authentication (SCA)

Strong Customer Authentication (SCA) is a European regulatory requirement set out in Regulatory Technical Standards (RTS) to reduce fraud and make online transactions more secure.

Platforms with users initiating online transactions, e.g., online card payments, funds transfers, transaction data retrieval, within the UK or European Economic Area (EEA) will need to satisfy SCA requirements to proceed with the transaction. All online transactions require SCA unless an exemption can be applied or the transaction is considered out of scope for SCA – for example, merchant-initiated transactions (e.g. direct debit).

Airwallex will enforce SCA requirements on platform's customers (Businesses or Individuals) onboarded as connected accounts to Airwallex entities in EEA/UK, even if the beneficiary's bank (for funds transfers) or shopper's bank (for online card payments) is located outside of the EEA/UK. Note that SCA may also be enforced by Airwallex's Risk engine based on internal rules.

This guide covers handling SCA enforcement for transaction data retrieval, such as viewing account balances and transaction data, as well as funds transfers using Embedded SCA component. While you can choose to implement a unified SCA flow for both these scenarios, Airwallex recommends implementing distinct handling flows to reduce friction and maximize security.